Malicious Payloads with Batloader Malware in 2022
Category: Malware Campaign | Industry: Global | Level: Tactical | Source: Trend Micro
Trend Micro's tracking of the modular malware Batloader found it highly active in the fourth quarter of 2022, operated by a threat actor Trend Micro tracks as “Water Minyades.” Used for initial access, "Batloader has been observed to drop several malware payloads, such as Ursnif, Vidar, Bumbleloader, RedLine Stealer, ZLoader, Cobalt Strike, and SmokeLoader. It can also drop legitimate remote management tools, such as Syncro and Atera." Batloader is also part of intrusion sets that lead to the execution of Royal ransomware. Batloader campaigns commonly target users seeking to download legitimate software: search engine optimization (SEO) poisoning lures victims onto the actor's fictitious sites, which host the malicious payload.
Anvilogic Use Cases:
- Malicious Software Download via MSI/JS
- Wscript/Cscript Execution
- MSHTA.exe execution
- Executable Create Script Process
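As an added example (not code from Trend Micro or from Anvilogic's detection content), the following Python expresses the four use cases above as simple rules over constructed Sysmon-style process-creation events. The field names, sample paths, browser list and the parent-process exclusions are assumptions to be tuned per environment.

```python
"""Added example: the four use cases above expressed as simple rules over
constructed Sysmon-style process-creation events. Field names, sample paths
and the parent-process exclusions are assumptions, not Anvilogic's logic."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str   # full path of the parent process
    image: str          # full path of the created process
    command_line: str


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
INTERPRETERS = SCRIPT_HOSTS | {"mshta.exe"}
# Parents that routinely launch script hosts and are excluded from the
# "Executable Create Script Process" rule (assumption: tune per environment).
EXPECTED_PARENTS = INTERPRETERS | {"cmd.exe", "powershell.exe", "explorer.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# An .msi or .js under a user's Downloads folder on the command line.
DOWNLOADED_PACKAGE = re.compile(
    r'\\Users\\[^\\]+\\Downloads\\[^\s"]+\.(?:msi|js)\b', re.IGNORECASE)


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: ProcessEvent) -> list[str]:
    """Names of the use cases the event matches, in a fixed order."""
    image = image_name(event.image)
    parent = image_name(event.parent_image)
    matches = []
    if image in SCRIPT_HOSTS:
        matches.append("Wscript/Cscript Execution")
    if image == "mshta.exe":
        matches.append("MSHTA.exe execution")
    # A script interpreter spawned by an arbitrary executable, e.g. msiexec.exe
    # running an installer custom action, rather than by a user or a shell.
    if image in INTERPRETERS and parent not in EXPECTED_PARENTS:
        matches.append("Executable Create Script Process")
    # An installer or script host acting on a package in Downloads, or a
    # browser child referencing one: the SEO-poisoning delivery path.
    if (image in INTERPRETERS | {"msiexec.exe"} or parent in BROWSERS) \
            and DOWNLOADED_PACKAGE.search(event.command_line):
        matches.append("Malicious Software Download via MSI/JS")
    return matches


# Constructed events (not real telemetry), one per scenario.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r"C:\Windows\System32\msiexec.exe",
                 r'msiexec.exe /i "C:\Users\alice\Downloads\setup-installer.msi" /qn'),
    ProcessEvent(r"C:\Windows\System32\msiexec.exe",
                 r"C:\Windows\System32\wscript.exe",
                 r'wscript.exe "C:\Users\alice\AppData\Local\Temp\install.js"'),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\mshta.exe",
                 r'mshta.exe "C:\Users\alice\Downloads\invoice.hta"'),
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\cscript.exe",
                 r"cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dlv"),
]


def run(events: list[ProcessEvent]) -> dict[str, int]:
    """Count how many events fire each use case."""
    counts: dict[str, int] = {}
    for event in events:
        for name in evaluate(event):
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(image_name(event.parent_image), "->", image_name(event.image),
              evaluate(event))
    print(run(SAMPLE_EVENTS))
```

The last sample event (an administrator running slmgr.vbs from a command prompt) shows why the bare Wscript/Cscript and MSHTA rules are noisy on their own; the parent-process and download-path context in the other two rules is what separates an installer-spawned script host or a package in Downloads from routine administration.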